The U.S. Federal Bureau of Investigation has issued a flash alert warning that Contri ransomware attacks are continuing to impact healthcare providers and others.

The alert, issued on May 20, claims that there have now been 16 Conti ransomware attacks targeting healthcare and first responder networks, including law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities in the last year. The cases are among more than 400 organizations worldwide targeted by Conti, including 290 located in the U.S.

“Like most ransomware variants, Conti typically steals victim’s files and encrypts the servers and workstations in an effort to force a ransom payment from the victim,” the FBI said. “If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors.

The FBI notes that recent ransomware demands have been as high as $25 million.

One recent Conti ransomware attack targeted Ireland’s health service, with some stolen patient data shared online. Previous Conti victims include industrial computer manufacturer Advantech Co. Ltd. in November, VOIP hardware and software maker Sangoma Technologies Corp. in December and hospitals in Florida and Texas in February.

“Ransomware groups, like the Conti actors, are going to keep popping up and continue to gain sophistication with every organization that pays,” Joseph Neumann, cyber executive advisor at cybersecurity advisory services Coalfire Systems Inc., told SiiconANGLE. “Hitting first responders and hospitals are good targets due to the pressing need to get back into service after an attack.”

Even if these organizations have a solid plan to get back to normal, it might be slower than paying the ransomware, Neumann added. “As seen from the Colonial pipeline incident, that is still affecting gas prices and demand, restoration of service is slow even when the ransom is paid,” he said.

Bob Rudis, chief data scientist at cybersecurity and compliance solutions provider Rapid7 Inc., noted that this alert isn’t particularly shocking, since healthcare providers have long been a very common target for ransomware attackers.

“Healthcare organizations offer a perfect storm of circumstance that makes them very juicy targets,” Rudis said. “They notoriously struggle to patch systems that are being used around the clock and struggle to justify investment in cybersecurity over investment more directly linked to providing care, while the chaos and time-sensitivity of clinical environments make identity and access management more challenging.”

Photo: J/Flickr